Race Condition Vulnerability in CODESYS Control Runtime for Linux and QNX
CVE-2025-41739
5.9 MEDIUM
What is CVE-2025-41739?
An unauthenticated remote attacker can exploit a vulnerability in the communication servers of the CODESYS Control runtime system on Linux and QNX platforms. By winning a specific race condition, the attacker can trigger an out-of-bounds read through specially crafted socket communication, potentially leading to a denial of service. This vulnerability emphasizes the critical need for robust security measures in industrial automation environments.
Affected Version(s)
CODESYS Control for BeagleBone SL: 4.15.0.0 < 4.19.0.0
CODESYS Control for emPC-A/iMX6 SL: 4.15.0.0 < 4.19.0.0
CODESYS Control for IOT2000 SL: 4.15.0.0 < 4.19.0.0
